Build your own Forgot Password PHP Script

This tutorial is about building a forgot password system(Password Resetting System) with PHP when password is encrypted with MD5() ,SHA1() or any other encryption algorithm .

forgot password php

When you are storing the passwords of users in plain text then you can easily send their password to their email id.But in case of encrypted password it is not possible to send the plain password to the users because you can not decrypt these passwords.

Basically there are two ways to reset the passwords.First one is assign a random password to the user and send to their email id,but this method can be misused by other users .For example any member can reset other member’s password if he knows email id.So i will not recommend two use this method.Second method is instead of changing the password , assign a random token for that user when he request for password reset.Store this token into your database and also send this token to user’s email id.The best way to send the token is in form of a link .See the link below…

When user will click on this link you will can easily determine that which user wants to change the password after getting value of token by $_GET[‘token’] and compare this value to all available tokens.Now start a session and ask for new password to your user and store the password in encrypted format in your database.After successful password reset either delete the token or mark that token as used .

If you understand the above method of resetting password then its time code the PHP script.Here is step by step guide to build your own Forgot Password PHP Script.

1).Build tables and database-At first you need to create a file which includes settings for your database to connect.The code is given below ,you just need to change values of all variables.Now open PHPMyAdmin and import the sql file available in attachment or manually create a table name “token” containing three fields email ,password and used.

Database settings

PHP

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

<?php

//file name: settings.php

//Title:Build your own Forgot Password PHP Script

functionconnect()

{

$host="localhost";//host

$uname="root";//username

$pass="";//password

$db='test';//database name

$con=mysql_connect($host,$uname,$pass);

if(!$con)

{

die('Could not connect: '.mysql_error());

}

mysql_select_db($db,$con);}

2).Password reset form-Build a simple form using HTML which ask for email id of user.You may use CAPTCHA for better security.I am doing this without CAPTCHA so here is the code .

Password reset form

PHP

1

2

3

4

5

6

7

8

<?php

//file name: forgotpassword.php

//Title:Build your own Forgot Password PHP Script

echo'<form action="forgotpassword.php">

Enter Your Email Id:

<input type="text" name="email" />

<input type="submit" value="Reset My Password" />

</form>';

3).Assign a token and mail it-After getting email id of user first check that email id exist in your database or not.If email id exist then assign a random token ,store the token in a table say “token” with user’s email id and send a password reset link to the user.

Import the table “tokens.sql” from download source there is already a column named “used”.If you have created table manually then you have to add that column.Without “used” column it will not work.

meet

thanks for your help…amit…but in reset.php page program does not execute on if(!isset($_POST[‘password’])){} the same thing happen in if(isset($_POST[‘password’])&&isset($_SESSION[’email’])) ….what should i do?

Well ,while cross checking this script I have found a bug which was sending an email to non-registered user. Please replace line 17 of forgotpassword.php with given code.

if($n==0){echo “Email id is not registered”;die();}

Connor

Hi Amit
Nice script thank you very much. I’m having a small issue: The email is received but the link only points to the main page not the reset.php page. Any idea’s how I’ve manged to mess this up.
Regards
Connor

Apologies, not sure I understand
This is my code at line 34:
$uri = ‘http://’. $_SERVER[‘HTTP_HOST’] ;
and this is line 41:
Click on the given link to reset your password Reset Password
Your assostance greatly apprecited.
Regards
Connor

Line 34 is ok…actually I have misplaced a double quote at line 41.So if you replace line 41 with correct code ,it will work fine.I have already updated the tutorial either you can copy the same line or you can download the updated source from same download link.If you have still any problem feel free to ask..

A H KHAN

Failed to connect to mailserver at “localhost” port 25, verify your “SMTP” and “smtp_port” setting in php.ini or use ini_set()

Probably you are testing this this script on your local system .To avoid this error simply use any free hosting site .or
use these settings
ini_set(“SMTP”,”mail.example.com”);//You need to find mail server of your ISP.
ini_set(“smtp_port”,25);
ini_set(“sendmail_from”,”mail@example.com”);

nilesh

Warning: mail() [function.mail]:
Failed to connect to mailserver at “localhost” port 25, verify your
“SMTP” and “smtp_port” setting in php.ini or use ini_set() in C:wampwwwforgot passwordforgotpassword.php on line 51

Sir
I have done according to above link but could’ t understand anything please may you send another link by using this i can send mail on local host

naqqash

Sir i want to confirm that your giving source code have only 1
token.sql and even 1 table tokens. but in your code you are using two tables like : “tokens” and “users”.I want to confirm that will user
saved the email into two tables like “users” and token at the time of
registration ?

It means your server is not sending mail.There is a problem with postfix mail server configuration.I have never used postfix so I don’t have any idea so you can search on Google for correct configuration.

VERY VERY USEFULL!!! again thanks for providing the source code.. haveing a hard time here to follow the steps..

Vinay

Hey
Amit.. I used your rating script. It’s working perfectly fine.. I just
found a glitch though… Say for the first time I rated just the first
one to 5… I refreshed the page… And I see that rating for all 3_ID’s
are filled up as 5… Can you please help me in fixing it ?

Kurt Chun

Really appreciate~! Thankss~

Kim Vojensky

Hello, I get an error: that the password was changed successful AND an error occurred. Can you help with that? The password is not updated. Thank you for the tutorial, I’m learning quite a bit!

Thanks!

Florin

I receive this error:

Your password is changed successfullyAn error occurred

in my database not changed password

Himanshu

Thanks budy it works for me

vimal

hai amit sir, recently im using this code thanks,all is done but i have one error please resolve this.Notice: Undefined index: password in C:wampwwwforgotpasswordreset.php on line 18

r3

if(isset( …check password….)){ code here….} it may be work, try it

vimal

yes its working,thanks r3…

adelson1

Sorry but i dont understand. what do i have to insert inside if(isset ?

Harry

I am getting this error….i google it but not getting any solution.
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in forgotpassword.php on line 16